Method and apparatus for a client connection manager

ABSTRACT

A method and apparatus for a connection manager have been disclosed. By providing for persistent connections with clients, the connection manager allows for servers to communicate with clients, which would otherwise be inaccessible.

RELATED APPLICATION

The present Application for Patent is a continuation of co-pendingdivisional U.S. patent application Ser. No. 11/558,904 titled “METHODAND APPARATUS FOR A CLIENT CONNECTION MANAGER” pending which is acontinuation of U.S. patent application Ser. No. 10/222,076 titled“METHOD AND APPARATUS FOR A CLIENT CONNECTION MANAGER” filed Aug. 15,2002, and all are hereby incorporated herein by reference.

FIELD OF THE INVENTION

The present invention pertains to clients connected to a network. Moreparticularly, the present invention relates to a connection manager forhandling clients connected to a network.

BACKGROUND OF THE INVENTION

Connecting clients to servers presents challenges when the client isbehind a firewall or router. A common scenario is as illustrated in FIG.3. Here, a variety of clients 302-1 through 302-C are located in a house301 and are connected to a firewall 304. Connections 306 are neededbetween the firewall 304 and the server 308. The firewall 304 may alsobe another device that protects and/or limits communication. Forexample, the firewall may be a gateway, a Network Address Translation(NAT) apparatus, etc.

A common situation arises as follows. A service provider has a server onthe Internet, and a user has a client on a local LAN (Local AreaNetwork) that is intended to work with the server. However, the LAN andthe Internet are separated by a firewall. The LAN may be, for example,either a corporate LAN, a home network, etc. The firewall is often usedto provide protection (especially in the case of a corporate LAN)between external and internal resources but sometimes it may be presentas part of a NAT (Network Address Translation) to provide additional IP(Internet Protocol) addresses on the LAN. In many cases, a user willwant the client and the server to communicate with each other withoutmodifying the firewall, either because the firewall is not within theircontrol (it may be run by the information systems department or theInternet service provider) or because they don't know how or don't wantto go through the trouble of modifying the firewall.

Many Internet-based services require server-initiated transactions. Forexample, if a user has a network-enabled security system and wants tocheck on the status of the system while on vacation, the securityservice's server must initiate a transaction with, for example, a motionsensor to query the status. Before a transaction can be initiated, theremust be a network connection between the client and the server. However,if there is a firewall or NAT router between the client and the server,the server may not be able to initiate a connection to the clientbecause it will be blocked by the firewall/NAT. Firewalls attempt tomake it impossible for unauthorized connections from the outside (i.e.Internet) to clients behind the firewall to occur while NATs exhibitthis behavior as a side-effect. However, firewalls and NATs, relativelyfreely allow connections from the inside out to the Internet.

Therefore, one possible solution for server-initiated transactions is tofirst establish a persistent network connection from the client to theserver. With a persistent connection between the client and the server,the server can initiate transactions whenever necessary, and the clientcan also initiate transactions over the same connection. The clientinitiates the connection, since it can initiate network connections outto the server relatively easily. The client may connect to the serverupon, for example, powering on, and maintain the connectionindefinitely, or establish a connection on a prescribed schedule. If aconnection is dropped by intervening routers, etc., the client mayattempt to reestablish the connection.

This scheme may work fine for a small numbers of clients. However, for alarge number (i.e. thousands or more) of clients connecting to a singleserver, the server will soon be overloaded by the large number ofsimultaneous connections, even if none are actively engaged intransactions. Industry-standard servers do not handle persistentconnections well because each connection uses resources, and only alimited number of connections can be maintained simultaneously. In atypical Operating System (such as Solaris, Linux, Windows) the TCP/IP(Transmission Control Protocol/Internet Protocol) implementation isdesigned such that when a connection is established, a significantamount of system memory is allocated for data buffers and structures tokeep track of the state of the connection. As the data structures grow,more computing time is needed to service each connection when it isactive. Application level connections such as HTTP (Hypertext TransferProtocol) carry similar (additional) burdens. If a server is attemptingto manage a large number of connections, it is soon overwhelmed with theoverhead of simply managing the connections. This presents a problem.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and notlimitation in the figures of the accompanying drawings, in which likereferences indicate similar elements and in which:

FIG. 1 illustrates a network environment in which the method andapparatus of the present invention may be implemented;

FIG. 2 is a block diagram of a computer system embodiment;

FIG. 3 illustrates one embodiment of clients behind a firewall;

FIG. 4 illustrates one embodiment of a connection manager;

FIG. 5 is a flowchart illustrating one embodiment of client interactionwith a connection manager;

FIG. 6 is a flowchart illustrating one embodiment of server interactionwith a connection manager;

FIG. 7 illustrates one embodiment of a network stack;

FIG. 8 illustrates one embodiment of a connection manager in blockdiagram form;

FIG. 9 illustrates one embodiment of the connection manager concept;

FIG. 10 illustrates one embodiment of a connection manager in a modifiedversion of the TCP layer;

FIG. 11 illustrates one embodiment of a server side persistent APIsocket;

FIG. 12 illustrates one embodiment of a server side transient APIsocket;

FIG. 13 illustrates one embodiment of a connection manager as anappliance;

FIG. 14 illustrates one embodiment of the connection manager as atransparent router appliance;

FIG. 15 illustrates one embodiment of the connection manager as a proxyappliance;

FIG. 16 illustrates one embodiment of a modifiable client;

FIG. 17 illustrates one embodiment of a connection initiating clientwith an agent;

FIG. 18 illustrates one embodiment of a connection initiating client, anagent, and the connection manager;

FIG. 19 illustrates one embodiment of the present invention with aconnection accepting client with an agent;

FIG. 20 illustrates one embodiment of a connection accepting client, anagent, and the connection manager;

FIG. 21 illustrates one embodiment of an implementation of a monitoringand processing thread in a connection manager;

FIG. 22 illustrates one embodiment of the present invention for a clientto server connection request;

FIG. 23 illustrates one embodiment of the present invention for a serverto client connection request;

FIG. 24 illustrates one embodiment of the connection manager receivingclient data; and

FIG. 25 illustrates one embodiment of the present invention showing anauto-determination.

DETAILED DESCRIPTION

A method and apparatus for a client connection manager are described.

The present invention, by providing for persistent connections toclients, allows for server interaction and communication with clientsthat otherwise may not be accessible.

In the explanation below various terminology is used. These areunderstood by those skilled in the art. For the benefit of the readerthe following should be noted. To provide a concise illustration of thepresent invention the context of the description will often refer toconnecting Internet based services to network-enabled devices (i.e.clients). One skilled in the art will appreciate that the Internet isbut one example of a network and that the present invention may bepracticed with other networks. From a terminology perspective pleasenote the following. A Service may be offered via a Server. The terms“device” and “client” are used interchangeably. A Transaction is anapplication level exchange between a client and a server. A transactionmay be initiated by either the client or the server. A Connection is anetwork level connection, such as a TCP socket, an HTTP connection, orother bi-directional connection and may have a lifetime greater than atransaction.

Reference is made to tearing down a connection. Tearing down aconnection is a term of art, which refers to removing a communicationchannel between communicating units (for example, a client and aserver). Tearing down a connection does not necessarily imply alsoremoving or disconnecting the clients. For example, a connection may beestablished between a server and a connection manager, anotherconnection may be made between the connection manager and a client. Theconnection manager may also establish a connection between the serverand the client. Now, tearing down the client to server connection doesnot imply that the client-to-connection manager or server-to-connectionmanager connections are torn down.

As noted above, if a server is attempting to manage a large number ofconnections, it is soon overwhelmed with the overhead of simply managingthe connections. What is needed, and the present invention discloses, isa connection management scheme and apparatus designed specifically fordevice servers. A device server may be characterized as a large numberof simultaneous connections, however, only a small number may be activeat any one time. The present invention, a Client Connection Manager isable to support a large number of persistent connections.

In one embodiment of the present invention, a specialized TCP/IP stackreplaces the standard TCP/IP stack on the server and allows the serverto maintain many more connections without overloading the server.

In yet another embodiment of the present invention, a separate machine(such as a connection manager) intervenes between the clients and theserver. This new machine runs the specially designed TCP/IP stack, whichmaintains the many client connections and only forwards the applicationlevel transactions to the server.

FIG. 4 illustrates one embodiment 400 of a connection manager 404connected to clients 402-1 through 402-C and to servers 406-1 through406-S. In operation the clients (402-1 through 402-C) request connectionwith a server (406-1 through 406-S). The connection manager 404establishes a connection with the client, establishes a connection withthe requested server, and then establishes the client to serverconnection. When the client to server connection is no longer needed,the connection manager 404 tears down the server connection, however itmaintains the client to connection manager connection. In this way, if aserver needs to access the client, the connection manager already has aconnection to the client. Thus, if server 406-1 needs to communicatewith client 402-2, the server 406-1 communicates with the connectionmanager 404 to establish a connection with client 402-2. The connectionmanager 404 would accept connection with the server 406-1, and thenestablish a server to client connection to client 402-2 since it alreadyhas a connection manager 404 to client 402-2 connection. When the server406-1 to client 402-2 connection is no longer needed, the connectionmanager 404 will tear down the server to client connection. Theconnection manager will maintain the client connection and may or maynot maintain the server connection.

Whether to maintain or tear down a connection may be based, in oneembodiment, on activity on the connection. For example, if the client isa music player and the server is providing a music file, the connectionmay be torn down after the transaction of transferring the file(s) iscompleted. In another embodiment, the client may communicate to theconnection manager information on when to tear down the connection. Forexample, the client may be a digital camera uploading pictures to aserver. The camera may instruct the connection manager when the transferis complete, and the connection manager may then tear down the client toserver connection. The client commands to the connection manager on howto manage the client to server connection may not need to be sent to theserver. That is, they are commands only intended for the connectionmanager. To be compatible with an environment in which a connectionmanager may not be present, the connection manager commands, if receivedby the server may be ignored.

FIG. 5 is a flowchart illustrating one embodiment of client interactionwith a connection manager. At 502 the connection manager (CM) receives aclient connection request. At 504 the CM establishes a connection withthe client. At 506 it is determined if a connection to a server isneeded. If no connection to a server is needed, then there is a loopback to 506 to check again. If a connection to a server is needed, thenat 508 a check is made to determine if the server is currently connectedto the connection manager. If the server is not currently connected tothe CM then at 510, the CM establishes a CM to server connection andthen proceeds to 512. If the server is currently connected to the CM(either via 508 or 510) then the CM connects the client to the server at512. At 514 a check is made to determine if the connection is stillneeded. If the connection is still needed, then loop back to 514 tocheck again. If the client to server connection is no longer needed,then at 516 the connection manager disconnects the client from theserver. Optionally at 518 the connection manager may tear down theconnection manager to server connection.

FIG. 6 is a flowchart illustrating one embodiment of server interactionwith a connection manager. At 602 the connection manager (CM) receives aserver connection request. At 604 the CM establishes a connection withthe server. At 606 it is determined if a connection to a client isneeded. If no connection to a client is needed, then there is a loopback to 606 to check again. If a connection to a client is needed, thenat 608 a check is made to determine if the server is currently connectedto the connection manager. If the server is not currently connected tothe connection manager then at 610 some other action may be taken. Forexample, the connection manager may wait until the client is connected,or it may refuse the server connection, etc. If the client is currentlyconnected to the connection manager then the connection manager connectsthe server to the client at 612. At 614 a check is made to determine ifthe connection is still needed. If the connection is still needed, thenloop back to 614 to check again. If the server to client connection isno longer needed, then at 616 the connection manager disconnects theserver from the client. Optionally at 618 the connection manager maytear down the connection manager to server connection.

FIG. 7 illustrates one embodiment of a network stack 700. Here, theclient 710 interfaces to a network 708. The network 708 interfaces tothe connection manager 706. The connection manager 706 interfaces to anetwork layer 704 that communicates with a server 702. If the client 710is aware of the connection manager 706, the client may communicatethrough network 708, connection manager specific commands (CMSCs) thatmay be monitored and acted upon by the connection manager 706. TheseCMSCs may or may not be communicated through network layer 704 to theserver 702. Likewise, if the server 702 is aware of the connectionmanager 706, it may issue CMSCs. For example, based upon the nature ofrequests reaching server 702 from clients, it may request of theconnection manager 706 through a CMSC that its timeout for a disconnectbe modified. Many capabilities of the connection manager and its mode ofoperation, communication, and interaction with the server 702 and client710 may be affected by CMSCs.

FIG. 8 illustrates one embodiment of a connection manager in blockdiagram form 800. A client side network interface 804 receives clientconnections via links 816, and command and status inputs 802 and 814,and generates a command and status output 806. The server side networkinterface 810 receives server connections via links 822, and command andstatus inputs 812 and 806, and generates a command and status output814. Command and status 802 and 812 may originate, for example, from amicroprocessor based system. Connection matrix 808 receives command andstatus inputs from 806 and 814. The connection matrix 808 also has linksto the client side network interface 804 via links 818, and links to theserver side network interface 810 via links 820.

In operation, in one embodiment, the client side network interface 804receives a client connection request via one of the links 816. Theclient side network interface 804 establishes a connection with theclients. The connection matrix 808 is informed via 806 of the need toestablish a connection with a server. The server side network interface810 is also informed of the need to establish a connection with aserver. Based on this information, the server side network interface 810establishes a connection with a server via one of the links 822. Theserver side network interface 810 then informs via 814 the connectionmatrix 808 of the connection with the server. Connection matrix 808 thenestablishes a link between the client and the server via the connectionmatrix 808 links 818 to the client side network interface 804 and thelinks 820 to the server side network interface.

At tear down, in one embodiment, command and status signal 812 signalsthe server side network 810 to disconnect the server to clientconnection but maintain the client and server connection. Thisinformation is processed by the server side network interface 810 tomaintain the connection to the server. Information is passed via 814 tothe connection matrix 808 to disconnect, and to the client side networkinterface 804 to maintain the client connection. One skilled in the artwill appreciate that many other options, commands, and control may beimplemented via the block diagram in FIG. 8.

Thus, a connection manager may maintain many persistent connections toclients and establish fewer connections to servers, and establish theseconnections only when needed by the clients. Each transaction may belabeled with an identifier of the server and/or client (for example, onesuch approach may be to use the source and destination IP addresses toprovide the labeling). For each client, a connection between theConnection Manager and the Server may be established whenever a clienttransaction occurs. The connection may be terminated when thetransaction is complete.

The connection manager may be able to minimize system resources consumedby connections, by taking advantage of the fact that many connectionsmay be idle. A connection may have multiple states, depending on, forexample, its recent level of activity. For example, there may be threestates of a connection: 1) Active—transferring data or ready to transferimmediately; 2) Standby—ready for transfer, connection state ismaintained in memory, but buffers are released and must be re-allocated;and 3) Idle—inactive, buffers are released and state information ismaintained, for example, on a disk. It may take a longer time to goActive when in the Idle state. After a period of inactivity, theconnection may switch to Standby, then to Idle. A keep-alive signal maybe transmitted periodically by the client (using empty TCP segments, forexample). The TCP layer may be designed to manage this keep-alivemechanism while maintaining the Idle state.

Thus, what has been described is a connection manager, which byproviding for persistent connections with many clients, allows forclients communications with servers that otherwise may have beeninaccessible.

What follows are more detailed possible embodiments of the presentinvention. As mentioned previously, there are various techniques andapproaches to practicing the present invention. One is as a server sideimplementation, the other as a client side implementation. There are twomain server side implementations, 1) a server running a modified TCPnetwork layer, and 2) a stand-alone appliance intervening between theclient and server.

FIG. 9 illustrates one embodiment 900 of the connection manager 904concept. Clients 1 to N (902-1 through 902-N) are connected to theconnection manager 904. The service or application 906 is connected tothe connection manager 904.

One embodiment of the present invention may effect a connection manageron a server. In these implementations, the connection manager functionmay run on the same machine as the server function. In thisimplementation, the Server's network stack incorporates a modifiedversion of the TCP layer. Incoming connections are initially in anactive state or “ready” state. Connections which are not activelytransferring data may be transitioned to an inactive state where theyconsume less system resources.

FIG. 10 illustrates one embodiment 1000 of a connection manager in amodified version of the TCP layer (see 1010). Clients 1 to N (1002-1through 1002-N) are connected to the server's 1006 network and lowerlayers 1008 via N connections 1004. Moving upward from the network andlower layers 1008 is the TCP layer with the connection manager 1010, thesocket interface 1012, the fewer than N connections 1014, and the serverapplication 1016.

The behavior of the modified TCP layer may be further classifiedaccording to application socket lifetime variations. One suchclassification is into persistent and transient server applicationinterfaces. In both cases, external client connections are alwayspersisted by the TCP layer, however the difference is in the way theinterface to the server application is handled.

In a persistent application interface, the application's “socket” ismaintained as long as the client is connected to the server, even if theconnection has been put in the inactive state. Depending on the style ofsocket interface used by the server application, it may be necessary tomodify the application for this type of interface. For example, if theapplication expects network transmit buffers to always be available andwritable, it will need to be modified do a buffer request first.

FIG. 11 illustrates one embodiment 1100 of a server side persistent API(application programming interface) socket. At 1102 a check is made tosee if the client is connected to the server. If the client is connectedto the server then the application socket is maintained 1104. If theclient is not connected to the server then the socket is closed and theTCP client connection is maintained 1106.

In a transient application interface, the application's “socket” isclosed when a client connection is transitioned to the inactive state.The modified TCP layer maintains the connection with the client eventhough the application sees the connection as being closed. When theapplication needs to transmit data to the client, it opens a connection(socket) to the client. The modified TCP layer maps the connectionrequest to the already connected client after transitioning it to theactive state. When the client sends data to the server, the TCP layersimulates a connection request to the application so it can pass thedata up to the application. This behavior may be preferred if theapplication maintains a significant amount of session state informationfor each connection, keeps its own network buffers, or creates threadsor processes for each connection, etc.

FIG. 12 illustrates one embodiment 1200 of a server side transient APIsocket. At 1202 a check is made to see if the client is connected to theserver. If the client is connected to the server then a check is made tosee of the client connection is active 1204. If the client connection isactive then the application socket is maintained 1206, and then a checkis made to see if the client is connected to the server 1202. If theclient is not connected to the server (checked at 1202) or the clientconnection is not active (checked at 1204) then the socket is closed andthe TCP layer client connection is maintained 1208.

Other implementations are possible based on application interfacevariations (transparent, controllable, etc.). For example, in atransparent implementation, the CM's network interface may comply withthe platform's traditional network interface to which the applicationhas been written. That is, the presence of the CM appears invisible tothe application and no modification is required to utilize a CM.

In a controllable implementation, in order to give the applicationadditional control over the CM, an extended network interface may beemployed. The interface extension may be in the form of additionalfunction calls (methods) available on the network interface, and/or aseparate module with its own set of methods. Thus, although it may bedesirable to make the CM transparent to the server, so no modificationsto server code (OS or application) is necessary, additional features maybe made available if the server and/or client are “CM aware” and canissue commands to the CM itself. This may be accomplished through aseparate control channel to the CM and/or by embedding CM commands inthe payload of existing connections. By employing this control channelthe server and/or client may control parameters for each connection suchas: 1) timeout periods—the amount of time before connections aretransitioned to inactive states, 2) whether or not keep-alives arenecessary, 3) whether or not persistent connections are necessary or ifthe client can be connected to directly (i.e. not behind a firewall), 4)setting a connection to “always active”, and 5) etcetera.

As mentioned previously, one embodiment of the present invention mayhave the connection manager (CM) as a stand-alone appliance. In thestand-alone appliance implementation, a specialized appliance intervenesbetween the server and the client. The CM appliance allows manysimultaneous client connections but only requires the active connectionsto go to the server. The server Operating System (OS) requires nomodifications and may use a standard TCP implementation in its networkstack. The application may or may not require modifications to functionwith the CM appliance. There are various embodiments for the stand-aloneappliance, such as, but not limited to, the connection manager as atransparent router appliance, the connection manager as a proxyappliance, etc.

FIG. 13 illustrates one embodiment 1300 of a connection manager 1306 asan appliance. Clients 1 to N (1302-1 through 1302-N) are connected via Nconnections 1304 to the connection manger 1306. The connection manager1306 is connected to the server's 1310 network and lower layers 1312 viafewer than N connections 1308. Moving upward from the network and lowerlayers 1312 is the TCP layer 1314, the socket interface 1316, and theserver application 1318.

One embodiment of the present invention is a connection manager as atransparent router appliance. In the transparent router applianceimplementation, the CM behaves like a typical router, as seen from theserver. It routes IP packets between the local network and the wide areanetwork (WAN, Internet, etc.). The network may be set up to route allpackets between the server and clients via the CM. When the serverinitiates a TCP connection to a client, instead of routing thesepackets, the CM recognizes them, and responds, pretending to be theclient. It then passes data back and forth between the server and thepre-existing client connection. Clients on the WAN connect persistentlyto the CM router. The CM maintains the connections and may forward theconnection to the server when the connection is actively transactingdata. At a defined time, connections that are not active may be put inan inactive state and the CM to server connection may be closed. Whenthe server requests a connection to a client which is already connectedto the CM, the client connection is changed from inactive to active andthe server request is linked to the existing connection. When the serveris finished, it closes the connection. In response, the CM puts theCM-to-client connection in an inactive state and closes the CM-to-serverconnection.

FIG. 14 illustrates one embodiment 1400 of the connection manager 1406as a transparent router appliance. Clients 1 to N (1402-1 through1402-N) are connected to the Internet 1404. The connection managerrouter 1406 is connected to the Internet 1404, and to the server 1408.

In the proxy appliance implementation, the CM behaves like a typicalproxy, as seen from the server. It acts on behalf of the server tocreate connections between the server and the WAN. The server connectsto the proxy CM and makes client connection requests to the proxy usinga standard proxy protocol. The CM proxy responds to the requests byforwarding data between the already existing client connection and theserver. Clients on the WAN connect persistently to the CM proxy. The CMproxy maintains the client connections and may forward the connectiondata to the server when the connection is actively transacting data. Ata defined time, connections that are not active may be put in aninactive state and the CM to server connection may be closed. When theserver requests a connection to a client which is already connected tothe CM, the client connection is changed from inactive to active and theserver request is linked to the existing connection. When the server isfinished, it closes the connection. In response, the CM puts theCM-to-client connection in an inactive state and closes the CM-to-serverconnection.

FIG. 15 illustrates one embodiment 1500 of the connection manager 1510as a proxy appliance. Clients 1 to N (1502-1 through 1502-N) areconnected to the Internet 1504. The connection manager 1510 and theserver 1512 are connected to a Local Network (LAN) 1508. Also connectedto the LAN 1508 is the router 1506, and the router 1506 is connected tothe Internet 1504.

In either the Transparent Router or Proxy implementation, if theapplication running on the server is “aware” of the CM, it may alsoestablish a control connection to the CM. The control connection allowsthe server to manage the CM and allows the CM to report status to theserver. Utilizing this feature requires adding functionality to theserver application and/or OS (i.e. CM awareness). Control capabilitiesmay include: 1) timeout periods—the amount of time before connectionsare transitioned to inactive states, 2) whether or not keep-alives arenecessary, 3) whether or not persistent connections are necessary or ifthe client can be connected to directly (i.e. not behind a firewall), 4)setting a connection to “always active”, and 5) etcetera.

Client side implementations of the present invention may be classifiedaccording to the level of modification of the existing client that ispossible (modifiable, non-modifiable, etc.). Specifically, themodification mainly concerns connection behavior, i.e. when and how itconnects to the server.

If the client's behavior can be modified, the client may be programmedto connect to the server (connection manager) immediately upon power-up,and maintain the connection indefinitely. If the connection is dropped,the client may attempt to reestablish the connection.

FIG. 16 illustrates one embodiment 1600 of a modifiable client. Afterpowering up 1602, connection is made to the server 1604. A check is thenmade to see if the connection has been dropped 1606. If the connectionhas not been dropped then other operation 1608 are performed and then acheck is made to see if the connection has been dropped 1606. If theconnection has been dropped (at 1606) then a connection is made to theserver 1604.

If the client's application is non-modifiable then another technique maybe used. If the client application does not normally maintain apersistent connection to the server, and its behavior is not modifiable,it may be necessary to run an agent at the client location to maintain aconnection to the server's CM and acts as a proxy between the server'sCM and the client. This agent may reside in the client, either sharing anetwork stack and/or having its own. It may also be a separate module orbox, and should be on the same side of the firewall and thus canestablish connections to both the CM and the client. Generally there aretwo types of clients to consider, 1) a connection-initiating client, and2) a connection-accepting client.

A connection-initiating client may normally initiate connections for theduration of a transaction (session) and then disconnect. One embodimentof the present invention is to simulate a persistent connection to theserver so the server can initiate transactions at any time, even thoughthe client may not be connected.

One approach is to use an agent running on the client side of thefirewall. The agent maintains a persistent “control channel” connectionto the CM. When the client needs to initiate a connection, it does sonormally. When the server needs to connect to the client, it requeststhe connection through the CM which in turn sends a request command tothe client agent through the control channel. The agent then notifiesthe client application to connect to the server.

FIG. 17 illustrates one embodiment 1700 of a connection-initiatingclient with an agent. The agent establishes a persistent control channelconnection to the CM 1702. Next, a check is made to see if the clienthas initiated a connection 1704. If the client has initiated aconnection, then the client establishes the connection 1710. If theclient had not initiated a connection, then a check is made to see ifthere is a request for a server to client connection 1706. If there is arequest for a server to client connections, then the client is notifiedto initiate a connection 1708, and the client establishes a connection1710. If there is no request for a server to client connection (checkedat 1706) then a check is made to see if the client has initiated aconnection 1704.

FIG. 18 illustrates one embodiment 1800 of a connection-initiatingclient 1802, a client agent 1806, and the connection manager 1814. Theclient agent 1806 establishes a persistent connection 1810 with theconnection manager 1814 through any firewall 1808 that may be present.Additionally, the client agent 1806 interfaces with the client 1802 viaa connect command 1804. This connect command 1804 could be issued to theclient 1802 via a network or some other signal or communication channel.The client 1802 may communicate with the CM 1814 via link 1812. Theserver 1818 may communicate with the CM 1814 via link 1816.

One example of operation may be the following. The server 1818communicates via link 1816 to the CM 1814 for a connection to the client1802. The CM 1814 communicates this request via 1810 to the client agent1806 which communicates via the connect command 1804 to the client 1802.In response the client 1802 initiates a connection via link 1812 to theCM 1814 which can communicate with the server 1818, thus establishing avirtual connection (as shown at 1820) between the server 1818 and theclient 1802. When the communication session is completed only link 1812will be torn down.

A connection-accepting client normally expects to receive connectionsand does not initiate connections. If the client is behind a firewall itmay not be reachable by the server. If client's connection behaviorcannot be modified, an agent may be used. The agent maintains apersistent control channel connection to the CM. When the server needsto connect to the client, it requests the connection through the CMwhich in turn sends a request command to the client agent through thecontrol channel. The agent then creates a data connection to the CM andcreates a second data connection to the client. This second dataconnection may be, for example, on its normal listen socket. The agentthen passes the connection data between the server and the client,linking them together. When the transaction/session is complete and theserver disconnects, all connections are closed except the CM to agentcontrol connection.

FIG. 19 illustrates one embodiment 1900 of the present invention with aconnection-accepting client with an agent. An agent establishes apersistent control channel connection to the CM 1902. A check is made tosee if there is a request for a server to client connection 1904. Ifthere is no request for a server to client connection then loop back andcheck again (done at 1904). If there is a request for a server to clientconnection then the agent creates a data connection to the CM 1906. Nextthe agent creates a data connection to the client 1908, and at 1910 theagent passes the data between the client and the server via the CM. Nexta check is made to see if the session is complete 1912. If the sessionis not complete then loop-back and the agent passes the data to/from theCM and client 1910. If the session is complete (checked at 1912) thenthe agent closes the data connection to the client 1914, then the agentcloses the data connection to the CM 1916, and then a check is made tosee if there is a request for a server to client connection 1904.

FIG. 20 illustrates one embodiment 2000 of a connection accepting client2002, an agent 2006, and the connection manager 2014. The client agent2006 establishes a persistent connection 2010 with the connectionmanager 2014 through any firewall 2008 that may be present.Additionally, the client agent 2006 interfaces/communicates with theclient 2002 via a link 2004. The client agent 2006 may communicate withthe CM 2014 via link 2012. The server 2018 may communicate with the CM2014 via link 2016.

One example of operation may be the following. The server 2018communicates via link 2016 to the CM 2014 for a connection to the client2002. The CM 2014 communicates this request via 2010 to the client agent2006 which opens the link 2012. Information is then transferred to/fromthe CM 2014 over the link 2012 to/from the client 2002 via the link 2004to the client agent 2006. Thus, the server 2018 can communicate with theclient 2002, thus establishing a virtual connection (as shown at 2020)between the server 2018 and the client 2002. When the communicationsession is completed link 2012 may be torn down.

Connection management may involve technical issues when managing a largenumber of persistent connections on a single machine. These issues mayinclude, but are not limited to, server resource management, connectiontransition control, inactive or extended connection table description,and keep-alive signal management.

Server resource management may affect how connections are managed. Intypical TCP implementations, each open connection may take aconsiderable amount of server resources. Even inactive connections mayconsume these resources. These resources may include, buffers,connection state tables, processes/threads, CPU resources, etc.

Network data buffers for transmit and receive are typically allocatedwhen the connection is established and are kept for the duration of theconnection. This consumes system memory (RAM). Connection state tablesor data structures are created for each connection which maintain thestate of the connection and references to its buffers. This alsoconsumes system memory. Many servers and applications create a newprocess or thread for each connection. Each process or thread has itsown associated data table, as well as stack space which consumes systemmemory. CPU overhead is increased with each thread managed by amultitasking kernel. In addition to the above mentioned burdens on theCPU, each connection adds burden in the form of cycles spent scanningtables every time data is received. Each time the server receives data(for example, every 100 to 2 k bytes), it scans the table of openconnections to match the data packet to the connection so it mayproperly route the data. As the list of connections grows, a larger andlarger amount of system resources and CPU time are consumed. With TCP,even transmit data will generate receive data overhead since there areacknowledge packets from the receiving end.

In one embodiment of the present invention, to reduce the consumption ofresources, connections which have no data activity are put in aninactive state. When a connection is transitioned from active toinactive, the following actions may be taken. The connection is removedfrom the active connection list and moved to an inactive connectionlist. Network buffers dedicated to this connection are freed. Anythreads or processes dedicated to this connection are terminated. Anyconnection state data held in system memory is moved to “slower” memory.Slower memory may include a disk or a database. Moving data to adatabase may have the advantage of allowing faster search and retrievalbut may also impose a higher system burden in processing databaserequests.

The inactive connection state may actually have several levels. Forexample there could be three states to a connection. One is active,where the connection is actively transferring data or is ready totransfer data. Second, inactive-idle, where the connection istransitioned to the inactive table, buffers are freed, and threadskilled. Third, inactive-sleep, where the connection state data is savedto slower memory.

Connections which are not transferring data may be initiallytransitioned from active to idle. Later the connections may betransitioned to the sleep state after a specified time interval or inresponse to a system monitor alert, etc.

FIG. 21 illustrates one embodiment 2100 of an implementation of amonitoring and processing thread in a connection manager. This may beinvoked periodically, any time a new client connection is made, if asystem monitor indicates a critical threshold is reached, such as lowmemory, low performance, etc., or any combination of these or otherevents.

At 2102 the flow chart starts and at 2104 a wait is made for invocation.When invoked a check is made to see if a connection threshold has beenreached 2106. If a connection threshold has not been reached then acheck is made to see if a performance threshold has been reached 2108.If a performance threshold has not been reached then loop back towaiting for an invocation 2104. If a connection threshold has beenreached (as checked at 2106) or a performance threshold has been reached(as checked at 2108) then at 2110 a scan is made of the connection table(hereinafter called a connection table scan) for the next connectionwhich may be a candidate for transition to an inactive state. Theconnection table scan is performed in accordance with an establishedpolicy which defines conditions and priorities for connection statetransition. If the connection table scan indicates that a connection maybe transitioned from idle to standby then at 2122 the connection stateinformation is cached to a slower memory (for example, a disk ordatabase). At 2124 other resources are freed up, at 2126 the entry inthe inactive table is updated, and then loop back to the connectiontable scan 2110. If the connection table scan indicates that aconnection may be transitioned from active to idle then at 2112connection buffers are freed, at 2114 other resources are freed up, at2116 the connection is removed from the active table, at 2118 an entryis created or updated in the inactive table, the receive thread iskilled 2120, and then loop back to the connection table scan 2110. Ifthe connection table scan is done, then loop back to 2104 waiting for aninvocation.

The CM may employ several mechanisms to determine when connections aretransitioned from active to inactive state, such as server activity,timer, performance monitor, explicit control, etc. For example, based onserver activity the client connection may be transitioned from active tothe lowest inactive level (“sleep” for example) when the server closesthe connection to the CM. A time interval may be specified. After aconnection has been “quiet” (no data activity) for that period of time,it may be transitioned from active to inactive. Additional intervals maybe specified to transition the inactive connection to lower levels ofinactive (i.e. from idle to sleep). The CM may run a performance monitorwhich monitors CPU loading and memory usage. When preset thresholds aremet, the CM is notified. The CM scans its connections and determinesthose that have been quiet for the longest period of time andtransitions them to the next lower level of inactivity. Explicit controlcommands from the server and/or the client may command the CM to put aspecific connection in a specified state. Command data may be sent tothe CM either through a separate control connection and/or in theexisting data connection by including CM specific commands in the datapayload.

In one embodiment of the present invention, a second connection table isused to describe inactive connections. Inactive connections aretransferred to this second connection table, which may be processed bythe server at a lower priority than the active connection table. Forefficiency, active connections are also kept in the table. The data isnot used by the server because the active table entry contents areprocessed first and contains all the necessary information forprocessing active connections. The table may contain, but is not limitedto, the following entries for each connection. For a socket, the addressand port of the client and server. Status state, such as active,standby, idle. Other states may be possible. Timestamp for timeout,which may contain a real-time stamp representing the earliest time atwhich this connection may be transitioned to the next lower state ofinactivity. This time stamp may be computed whenever the state of theconnection is changed. Time intervals for each transition, that is, oneor more entries representing the minimum times of inactivity which mustelapse before transitioning this connection to the next lower state ofinactivity. This allows transition times to be set for each client,although most applications may use global values which apply to allconnections. State data reference, that is, reference to the location ofthe cached state data for this connection. This may be a reference todisk storage, database entry, or any other memory location where thestate info has been saved. Sequence number, the current TCP sequencenumber for the connection. This may need to be maintained in systemmemory for connections which require a keep-alive signal.

In one possible embodiment of the present invention via a TCP layerimplementation, the server scans the “active connection” table when datais received looking for a connection match. If a match is found, the TCPprocessing proceeds normally. If a connection match is not found, theTCP segment information is passed to another lower priority thread whichprocesses inactive connections. The “inactive connection” threadsearches the (possibly larger) inactive connection table for a match andtransitions the inactive connection to the active state and passes theTCP segment back to the active connection processing thread whichhandles it as a normal active connection. Since this all may happen at alower priority, it may take longer to respond to an inactive connectionas compared to an active connection.

Keeping persistent connections open may be an issue. Some routers (likeNAT (network address translation) routers) maintain connection stateinformation and may timeout a connection after there has been no dataactivity for a period of time. To avoid the connection between theClient and CM from being closed by an intervening router, it may benecessary to send periodic “keep-alive” messages. These may beapplication level data or simply empty TCP segments. Since thesekeep-alive messages must be sent relatively frequently, it is desirablenot to bring a connection to the active state in order to generate orrespond to a keep-alive message. The simplest and most transparentsolution may be to use empty TCP segments for the keep-alive signal. Inresponse to the empty segment, the receiving end must acknowledge theempty segment. This periodic transaction may be sufficient to reset thedisconnect timer of an intervening router(s).

Note that using this approach, the challenge here is properly handlingthe TCP sequence number, which must be incremented for each TCP segmentsent from either side of the connection. Each data direction of aconnection has an independent sequence number which is incremented eachtime a segment is sent to the other side by the number of octets in thesegment. Therefore, the CM must maintain (at least) the transmitsequence number for each connection so it can transmit keep-alivesignals to the client, or acknowledge keep-alives received from theclient. There are a variety of possible solutions, including but notlimited to the following. One, the TCP sequence number may be stored inthe “inactive” connection table. When the server responds to akeep-alive, or needs to send a keep-alive, it gets the sequence numberfrom the table, uses it for the current keep-alive, and then updates thetable with the next sequence number if necessary. Second, the clientcould send keep-alive info in its keep-alive message. This may requiremodification of TCP layer. Third, the server may calculate the sequencenumber based on time and knowledge of frequency of keep-alive signals.

FIG. 22 illustrates one embodiment 2200 of the present invention for aclient to server connection request. The flow chart illustrates what theconnection manger does in response to a connection request from aclient. At 2202 the flow begins when a client attempts to connect to theserver via the CM. At 2204 a new server connection is opened. At 2206 acheck is made to see of the new server connection was openedsuccessfully. If the new connection was successfully opened then at 2208the connection is granted, and at 2210 the client and server connectionsare linked. Next a connection table entry is created for the client2212, then the end 2214 is reached. If the new server connection was notestablished successfully (as checked at 2206), the connection is denied2216, and then the end 2214 is reached.

FIG. 23 illustrates one embodiment 2300 of the present invention for aserver to client connection request. The flow chart illustrates what theconnection manger does in response to a connection request from theserver. At 2302 the flow begins when the server attempts to connect to aclient which is managed by the CM. At 2304 a scan is made of the activeconnection table. A check is made at 2306 to see if the connection isactive. If the connection is not active then a scan of the inactiveconnection table is made 2308, and at 2310 a check is made to see if thestatus is standby. If the status is standby then at 2312 the standbyconnection is activated, at 2314 the connection is granted, at 2316 theserver and client connections are linked, at 2318 a timestamp is reset,and then the flow is done 2320.

If the connection is active (as checked at 2306) then at 2314 theconnection is granted, at 2316 the server and client connections arelinked, at 2318 a timestamp is reset, and then the flow is done 2320.

If, at 2310 the check determines that the status is not standby, then acheck is made at 2322 to see if the status is idle. If the status at2322 is idle then at 2324 the idle connection is activated, at 2314 theconnection is granted, at 2316 the server and client connections arelinked, at 2318 a timestamp is reset, and then the flow is done 2320.

If, at 2322 the check determines that the status is not idle, then at2326 a new client connection is opened, at 2328 a check is made to seeif the connection was successful. If the connection was successful (astested at 2328) then a connection table entry is created for the client,at 2314 the connection is granted, at 2316 the server and clientconnections are linked, at 2318 a timestamp is reset, and then the flowis done 2320. If the connection was not successful (as tested at 2328)then the connection is denied 2332, and the flow is done 2320.

FIG. 24 illustrates one embodiment 2400 of the connection managerreceiving client data. The flow chart illustrates what the connectionmanger does when data is received from a connected client. At 2402 theflow starts with the receipt of a TCP data segment from the clientdestined for the server. At 2404 a scan is made of the active connectiontable. A check is made at 2406 to see if the connection is active. Ifthe connection is not active then a check is made to see if there isconnection data 2408. If there is no connection data then this data iseither a response to a keep-alive signal or some other response 2410 toa control signal which can be processed without activation theconnection, and the flow is done.

If at 2406 the connection is active, then at 2420 data is forwarded tothe server, at 2422 a timestamp is reset, and at 2412 the flow is done.

If at 2408 there is connection data, then a scan is made of the inactiveconnection table. Next a check is made at 2416 to determine if theconnection is in standby. If the connection (as checked at 2416) is instandby, then at 2418 the standby connection is activated, at 2420 datais forwarded to the server, at 2422 a timestamp is reset, and at 2412the flow is done.

If the connection is not in standby (as checked at 2416) then a check ismade to see if the connection is idle 2424. If the connection is idlethen at 2426 the idle connection is activated, at 2420 data is forwardedto the server, at 2422 a timestamp is reset, and at 2412 the flow isdone.

If the connection is not at idle (as checked at 2424) then at 2428 anerror is flagged with an invalid connection, and at 2412 the flow isdone.

One of ordinary skill in the art will appreciate that other techniquesare possible, for example, auto-determination/training. For example, ifthe server attempts to connect to a client and fails multiple times, itmay be assumed to be behind a firewall. The next time the clientconnects, the server or CM may instruct the client to maintain apersistent connection.

FIG. 25 illustrates one embodiment 2500 of the present invention showingan auto-determination. At 2502 a server connection is attempted. Next acheck is made at 2504 to see if the connection was successful. If theconnection was successful, then the fail counter is reset 2518, andother actions are taken 2520. If the connection was not successful (asdetermined at 2504), then a fail count is incremented 2506. At 2508 thefail count is checked to see if it is above a threshold. If the failcount is not above a threshold, then loop back to 2502 where a serverconnection is attempted. If the fail count is above a threshold (aschecked at 2508), then a server connection attempt is made 2510. At 2512a check is made to see if the server connection was successful. If theserver connection (as checked at 2512) was not successful, then loopback to 2510 where a server connection attempt is made. If at 2512 it isdetermined that the server connection attempt was successful, then at2514 the client is instructed to maintain a persistent connection, andthen at 2516 other possible actions.

Thus, what has been described are some of the various possibleembodiments of a connection manager, which by providing for persistentconnections with many clients, allows for clients communications withservers that otherwise may have been inaccessible.

FIG. 1 illustrates a network environment 100 in which the techniquesdescribed may be applied. The network environment 100 has a network 102that connects S servers 104-1 through 104-S, and C clients 108-1 through108-C. More details are described below.

FIG. 2 illustrates a computer system 200 in block diagram form, whichmay be representative of any of the clients and/or servers shown in FIG.1, as well as, devices, clients, and connection managers in otherFigures. More details are described below.

Referring back to FIG. 1, FIG. 1 illustrates a network environment 100in which the techniques described may be applied. The networkenvironment 100 has a network 102 that connects S servers 104-1 through104-S, and C clients 108-1 through 108-C. As shown, several computersystems in the form of S servers 104-1 through 104-S and C clients 108-1through 108-C are connected to each other via a network 102, which maybe, for example, a corporate based network. Note that alternatively thenetwork 102 might be or include one or more of: the Internet, a LocalArea Network (LAN), Wide Area Network (WAN), satellite link, fibernetwork, cable network, or a combination of these and/or others. Theservers may represent, for example, disk storage systems alone orstorage and computing resources. Likewise, the clients may havecomputing, storage, and viewing capabilities. The method and apparatusdescribed herein may be applied to essentially any type of communicatingmeans or device whether local or remote, such as a LAN, a WAN, a systembus, etc.

Referring back to FIG. 2, FIG. 2 illustrates a computer system 200 inblock diagram form, which may be representative of any of the clientsand/or servers shown in FIG. 1. The block diagram is a high levelconceptual representation and may be implemented in a variety of waysand by various architectures. Bus system 202 interconnects a CentralProcessing Unit (CPU) 204, Read Only Memory (ROM) 206, Random AccessMemory (RAM) 208, storage 210, display 220, audio, 222, keyboard 224,pointer 226, miscellaneous input/output (I/O) devices 228, link 229,communications 230, and port 232. The bus system 202 may be for example,one or more of such buses as a system bus, Peripheral ComponentInterconnect (PCI), Advanced Graphics Port (AGP), Small Computer SystemInterface (SCSI), Institute of Electrical and Electronics Engineers(IEEE) standard number 1394 (FireWire), Universal Serial Bus (USB), etc.The CPU 204 may be a single, multiple, or even a distributed computingresource. Storage 210, may be Compact Disc (CD), Digital Versatile Disk(DVD), hard disks (HD), optical disks, tape, flash, memory sticks, videorecorders, etc. Display 220 might be, for example, a Cathode Ray Tube(CRT), Liquid Crystal Display (LCD), a projection system, Television(TV), etc. Note that depending upon the actual implementation of acomputer system, the computer system may include some, all, more, or arearrangement of components in the block diagram. For example, a thinclient might consist of a wireless hand held device that lacks, forexample, a traditional keyboard. Thus, many variations on the system ofFIG. 2 are possible.

For purposes of discussing and understanding the invention, it is to beunderstood that various terms are used by those knowledgeable in the artto describe techniques and approaches. Furthermore, in the description,for purposes of explanation, numerous specific details are set forth inorder to provide a thorough understanding of the present invention. Itwill be evident, however, to one skilled in the art that the presentinvention may be practiced without these specific details. In someinstances, well-known structures and devices are shown in block diagramform, rather than in detail, in order to avoid obscuring the presentinvention. These embodiments are described in sufficient detail toenable those skilled in the art to practice the invention, and it is tobe understood that other embodiments may be utilized and that logical,mechanical, electrical, and other changes may be made without departingfrom the scope of the present invention.

Some portions of the description may be presented in terms of algorithmsand symbolic representations of operations on, for example, data bitswithin a computer memory. These algorithmic descriptions andrepresentations are the means used by those skilled in the dataprocessing arts to most effectively convey the substance of their workto others skilled in the art. An algorithm is here, and generally,conceived to be a self-consistent sequence of acts leading to a desiredresult. The acts are those requiring physical manipulations of physicalquantities. Usually, though not necessarily, these quantities take theform of electrical or magnetic signals capable of being stored,transferred, combined, compared, and otherwise manipulated. It hasproven convenient at times, principally for reasons of common usage, torefer to these signals as bits, values, elements, symbols, characters,terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the discussion, it isappreciated that throughout the description, discussions utilizing termssuch as “processing” or “computing” or “calculating” or “determining” or“displaying” or the like, can refer to the action and processes of acomputer system, or similar electronic computing device, thatmanipulates and transforms data represented as physical (electronic)quantities within the computer system's registers and memories intoother data similarly represented as physical quantities within thecomputer system memories or registers or other such information storage,transmission, or display devices.

The present invention can be implemented by an apparatus for performingthe operations herein. This apparatus may be specially constructed forthe required purposes, or it may comprise a general-purpose computer,selectively activated or reconfigured by a computer program stored inthe computer. Such a computer program may be stored in a computerreadable non-transitory storage medium, such as, but not limited to, anytype of disk including floppy disks, hard disks, optical disks, compactdisk-read only memories (CD-ROMs), and magnetic-optical disks, read-onlymemories (ROMs), random access memories (RAMs), electricallyprogrammable read-only memories (EPROM)s, electrically erasableprogrammable read-only memories (EEPROMs), FLASH memories, magnetic oroptical cards, etc., or any type of non-transitory media suitable forstoring electronic instructions either local to the computer or remoteto the computer.

The algorithms and displays presented herein are not inherently relatedto any particular computer or other apparatus. Various general purposesystems may be used with programs in accordance with the teachingsherein, or it may prove convenient to construct more specializedapparatus to perform the required method. For example, any of themethods according to the present invention can be implemented inhard-wired circuitry, by programming a general-purpose processor, or byany combination of hardware and software. One of skill in the art willimmediately appreciate that the invention can be practiced with computersystem configurations other than those described, including hand-helddevices, multiprocessor systems, microprocessor-based or programmableconsumer electronics, digital signal processing (DSP) devices, set topboxes, network PCs, minicomputers, mainframe computers, and the like.The invention can also be practiced in distributed computingenvironments where tasks are performed by remote processing devices thatare linked through a communications network.

The methods of the invention may be implemented using computer software.If written in a programming language conforming to a recognizedstandard, sequences of instructions designed to implement the methodscan be compiled for execution on a variety of hardware platforms and forinterface to a variety of operating systems. In addition, the presentinvention is not described with reference to any particular programminglanguage. It will be appreciated that a variety of programming languagesmay be used to implement the teachings of the invention as describedherein. Furthermore, it is common in the art to speak of software, inone form or another (e.g., program, procedure, application, driver, . .. ), as taking an action or causing a result. Such expressions aremerely a shorthand way of saying that execution of the software by acomputer causes the processor of the computer to perform an action orproduce a result.

It is to be understood that various terms and techniques are used bythose knowledgeable in the art to describe communications, protocols,applications, implementations, mechanisms, etc. One such technique isthe description of an implementation of a technique in terms of analgorithm or mathematical expression. That is, while the technique maybe, for example, implemented as executing code on a computer, theexpression of that technique may be more aptly and succinctly conveyedand communicated as a formula, algorithm, or mathematical expression.Thus, one skilled in the art would recognize a block denoting A+B=C asan additive function whose implementation in hardware and/or softwarewould take two inputs (A and B) and produce a summation output (C).Thus, the use of formula, algorithm, or mathematical expression asdescriptions is to be understood as having a physical embodiment in atleast hardware and/or software (such as a computer system in which thetechniques of the present invention may be practiced as well asimplemented as an embodiment).

Reference has been made to device(s) and client(s). These terms, asunderstood by one skilled in the art, are often consideredinterchangeable and/or having the same essence in differing situations.For example, a consumer may consider a music player a device, howeverfrom a network point of view the music player may be considered aclient. What is to be appreciated is that in the art, the wordssometimes have meanings commensurate with the surrounding environment,and yet often the words are used interchangeably without respect to thespecific structure or environment, i.e. one skilled in the artunderstands the use and meaning.

In the Figures arrows have been used to denote flow and/or connections.The distinction should be noted however that one use for the arrows doesnot preclude or dictate the other. That is, the use of arrows is toassist in the understanding of possible embodiments of the invention.For example, in FIG. 20, control 2010 has an arrow going from clientagent 2006 to connection manager 2014. In this case, as explained, theclient agent 2006 “initiates a connection” via control 2010 “to” theconnection manger 2014. Thus, the arrow indicates the initialconnection. It is to be understood that once a connection is made thatinformation may flow bi-directionally. That is the arrow does notindicate a unidirectional information flow. Information may flow fromthe client agent 2006 to the connection manager 2014, and from theconnection manager 2014 to the client agent 2006.

A machine-readable medium is understood to include any non-transitorymechanism for storing or transmitting information in a non-transitoryform readable by a machine (e.g., a computer). For example, amachine-readable medium includes read only memory (ROM); random accessmemory (RAM); magnetic disk storage media; optical storage media; flashmemory devices; electrical, optical, acoustical or other form ofnon-transitory storage media.

Thus, a method and apparatus for a client connection manager have beendescribed.

What is claimed is:
 1. A method comprising: establishing from behind afirewall a cached persistent connection that supports TCP; maintainingthe connection from behind the firewall via a keep-alive signal in anactive state, or a non-active state selected from the group consistingof inactive, and sleep; transitioning an active connection to the groupconsisting of inactive, and sleep based upon a criteria selected fromthe group consisting of server activity, time, performance, and explicittransition control; and when said maintaining in said active state nodata is sent to a server, and a timestamp of said keep-alive signal isnot reset and wherein said keep-alive signal is an empty TCP segment.